// Validate database schema consistency — DDL in schema.py vs migrations.py vs architecture.md. Flags drift between the three sources of truth.
Generate and update user documentation from code, feature flows, and recent changes into docs/user-docs/
Detect drift between architecture.md and the actual code. Validates 15 architectural invariants and flags stale doc claims with suggested edits.
Validate config hygiene — docker-compose env vars vs .env.example vs code references vs architecture docs. Flags missing, stale, or undocumented configuration.
Chief Security Officer audit — infrastructure-first security scan with secrets archaeology, dependency supply chain, CI/CD pipeline, LLM/AI security, OWASP Top 10, STRIDE threat modeling, and active verification. Two modes — daily (8/10 confidence gate) and comprehensive (2/10 bar).
Run the Playwright frontend e2e suite against a live Trinity stack, analyze failures, and update visual regression snapshots. Use after UI changes, before merging a PR with the `ui` label, or when the `frontend-e2e` CI workflow fails.
Validate a pull request against the Trinity development methodology and generate a merge decision report.
| name | validate-schema |
| description | Validate database schema consistency — DDL in schema.py vs migrations.py vs architecture.md. Flags drift between the three sources of truth. |
| allowed-tools | ["Read","Grep","Glob","Bash"] |
| user-invocable | true |
Check that the three places defining database schema are consistent: db/schema.py (DDL), db/migrations.py (ALTER/CREATE for upgrades), and docs/memory/architecture.md (documentation). Report drift with specific mismatches. No changes are made — read-only analysis.
| Source | Location | Read | Write | Description |
|---|---|---|---|---|
| Schema DDL | src/backend/db/schema.py | R | Authoritative table definitions | |
| Migrations | src/backend/db/migrations.py | R | Schema evolution history | |
| Architecture docs | docs/memory/architecture.md | R | Documented schema |
Read src/backend/db/schema.py and extract:
CREATE TABLE statementsCREATE INDEX statementsBuild a map: table_name -> { columns: [{name, type, constraints}], indexes: [name] }
Read the "Database Schema" section of docs/memory/architecture.md and extract:
Build the same map structure.
Read src/backend/db/migrations.py and extract:
ALTER TABLE ... ADD COLUMN statementsCREATE TABLE IF NOT EXISTS statementsCREATE INDEX IF NOT EXISTS statementsFor each table in schema.py:
For each table in architecture.md:
For each migration that adds a column or table:
Grep src/backend/ (excluding db/schema.py and db/migrations.py) for:
CREATE TABLE — tables created outside the schema systemALTER TABLE — schema changes outside the migration systemADD COLUMN — ad-hoc column additionsFlag any findings as violations of Architectural Invariant #3.
Output a summary:
## Schema Validation Report
### Tables Summary
| Table | schema.py | architecture.md | Migrations | Status |
|-------|-----------|-----------------|------------|--------|
| users | Y | Y | - | PASS/FAIL |
...
### Drift Findings
#### schema.py vs architecture.md
- **Table X**: Column `foo` in schema.py but missing from docs
- **Table Y**: Type mismatch — schema says `INTEGER`, docs say `TEXT`
#### migrations.py vs schema.py
- **Migration v12**: Adds `bar` column to `users`, but schema.py DDL missing it
- **schema.py**: Column `baz` in `agents` has no migration (added directly to DDL?)
#### Ad-Hoc Schema
- **File**: path/to/file.py:line — `CREATE TABLE` outside schema system
**Result: X issues found (Y critical, Z informational)**
If any critical (P0-P1) drift was found, create or update a GitHub issue.
P0-P1 criteria (critical — cause runtime errors or data loss):
CREATE TABLE or ALTER TABLE outside schema systemCheck: Count critical issues from the report.
If critical issues > 0, find or create a tracking issue:
Dedupe guard — check for an existing open Schema Validation issue before creating:
EXISTING=$(gh issue list --repo abilityai/trinity \
--label "automated" --state open \
--search "\"Schema Validation\" in:title" \
--json number --jq '.[0].number')
Branch on $EXISTING. The two paths are mutually exclusive — execute exactly one.
Path A — $EXISTING is non-empty (open issue found): COMMENT, then STOP.
gh issue comment "$EXISTING" --repo abilityai/trinity --body "Re-run on $(date -u +%Y-%m-%d): [N] critical schema drift issues still present.
### Updated Critical Findings (P0-P1)
[List each critical finding with table name, issue type, and specific mismatch]
### Recommended Actions
1. [Prioritized fix for each — typically add migration or update schema.py]
---
*Generated by scheduled /validate-schema run*"
After commenting, DO NOT execute Path B. The skill workflow ends here for this run.
Path B — $EXISTING is empty (no open issue found): CREATE a new issue.
Only run this block when Path A did not run.
gh issue create \
--repo abilityai/trinity \
--title "Schema Validation: [N] critical drift issues found ($(date -u +%Y-%m-%d))" \
--body "## Automated Schema Validation Report
**Date**: $(date -u +%Y-%m-%d)
**Result**: [N] critical schema drift issues require attention
### Critical Findings (P0-P1)
[List each critical finding with table name, issue type, and specific mismatch]
### Recommended Actions
1. [Prioritized fix for each — typically add migration or update schema.py]
### Tracking Notes
- Future runs will comment on this issue rather than open a new one.
- Close this issue once all critical schema drift issues are resolved.
---
*Generated by scheduled /validate-schema run*" \
--label "type-bug,priority-p1,automated"
Concurrency caveat: best-effort, not atomic. Two simultaneous runners could both create issues; the next run will comment on the first one found. Close any duplicate manually.
If no critical issues (only informational like doc drift), skip issue creation — report only.
automated, priority-p1)